index
:
fripost-ansible
master
Fripost ansible scripts
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
roles
/
common
Commit message (
Expand
)
Author
Age
Files
*
Postfix: pin key material to our MX:es for fripost.org and its subdomains.
Guilhem Moulin
2021-01-26
1
*
Firewall: Always include 172.16.0.0/12 to the bogon list.
Guilhem Moulin
2020-11-15
1
*
Firewall: Add counter to dropped ICMP packets.
Guilhem Moulin
2020-11-15
1
*
rkhunter: workaround for mix usrmerge/non-usrmerge environments.
Guilhem Moulin
2020-11-15
1
*
Firewall: ICMPv6: accept link-local multicast receiver notification messages.
Guilhem Moulin
2020-11-15
1
*
Change NTP client to systemd-timesyncd.
Guilhem Moulin
2020-11-15
5
*
logcheck-database update.
Guilhem Moulin
2020-11-15
4
*
Firewall: allow ICMP type 11 (time time-exceeded).
Guilhem Moulin
2020-11-03
1
*
Bacula: refactor systemd service files.
Guilhem Moulin
2020-11-03
2
*
Firewall: Move IPsec/ICMP/ICMPv6 rules to ingress chain.
Guilhem Moulin
2020-11-03
1
*
Firewall: Move martian and bogus TCP filters early in the packet flow.
Guilhem Moulin
2020-11-02
1
*
kernel parameters: Disable SYN cookies and improve SYN backlog handling.
Guilhem Moulin
2020-11-02
1
*
typofix
Guilhem Moulin
2020-11-02
1
*
IMAP: Update role to Debian Buster.
Guilhem Moulin
2020-05-19
1
*
MSA: Update role to Debian Buster.
Guilhem Moulin
2020-05-19
1
*
s/LDAP-provider/LDAP_provider/
Guilhem Moulin
2020-05-19
2
*
stunnel4: Harden and socket-activate.
Guilhem Moulin
2020-05-18
2
*
Firewall: note on reqid matching.
Guilhem Moulin
2020-05-18
1
*
AEAD ciphers: Add EECDH+CHACHA20 macro.
Guilhem Moulin
2020-05-18
1
*
Firewall: Use `meta secpath exists` to match xfrm associations.
Guilhem Moulin
2020-05-18
1
*
Remove 'meta: flush_handlers' directives under conditionals.
Guilhem Moulin
2020-05-17
1
*
Roundcube: Port to Debian 10.
Guilhem Moulin
2020-05-17
1
*
typofix
Guilhem Moulin
2020-05-16
1
*
Upgrade baseline to Debian 10.
Guilhem Moulin
2020-05-16
23
*
/etc/apt/sources.list: Use https:// URIs.
Guilhem Moulin
2020-01-25
1
*
Improve/harden fail2ban configuration.
Guilhem Moulin
2020-01-25
7
*
Convert firewall to nftables.
Guilhem Moulin
2020-01-23
11
*
Postfix: disable DNS lookups on the internal SMTPds.
Guilhem Moulin
2020-01-23
1
*
tr/-/_/ in group names.
Guilhem Moulin
2020-01-22
3
*
MSA: Open 465/TCP for Email Submission over TLS.
Guilhem Moulin
2019-03-19
4
*
firewall: gracefully close invalid connections.
Guilhem Moulin
2018-12-22
1
*
fail2ban: Only install the roundcube/dovecot filters if needed.
Guilhem Moulin
2018-12-15
1
*
submission: Prospective SPF checking.
Guilhem Moulin
2018-12-12
2
*
IPsec: use Suite-B-GCM-256 algorithms for IKEv2 & ESP.
Guilhem Moulin
2018-12-09
1
*
MSA verification probes: enable opportunistic encryption.
Guilhem Moulin
2018-12-09
1
*
Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch.
Guilhem Moulin
2018-12-09
6
*
Disable resume device.
Guilhem Moulin
2018-12-09
3
*
systemd.service: Tighten hardening options.
Guilhem Moulin
2018-12-09
2
*
bacula-*.service: Don't fork in the background.
Guilhem Moulin
2018-12-09
1
*
Upgrade 'lists' role to Debian Stretch.
Guilhem Moulin
2018-12-09
1
*
Firewall: disable outgoing access to git:// remote servers.
Guilhem Moulin
2018-12-09
1
*
systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’.
Guilhem Moulin
2018-12-09
2
*
Firewall: REJECT outgoing connections instead of DROPing them.
Guilhem Moulin
2018-12-09
1
*
Don't install the haveged entropy daemon.
Guilhem Moulin
2018-12-09
2
*
ntp.conf: reduce delta with the packaged version.
Guilhem Moulin
2018-12-09
1
*
MX: chroot postscreen(8), smtpd(8) and cleanup(8) daemons.
Guilhem Moulin
2018-12-09
1
*
postfix: remove explicit default 'mail_owner = postfix'.
Guilhem Moulin
2018-12-06
1
*
postfix ≥3.0: don't advertise SMTPUTF8 support.
Guilhem Moulin
2018-12-06
1
*
DKIM: also include the "d=" tag in key filenames, not only the "s=" tag.
Guilhem Moulin
2018-12-05
1
*
Install unbound on metal hosts.
Guilhem Moulin
2018-12-03
4
[next]